Anyone with internet access has on average 150 online accounts, according to password manager app Dashlane. Since hackers regularly break into online sites, stealing usernames (typically email addresses), passwords, and god knows what else, many of us have been “pwned” (owned, in hacker lingo).
You could scan security news articles and alerts every day to see if one of the services you have an account with has been hacked. But Mozilla, the nonprofit behind the Firefox web browser, is proposing a better, automated way, called Firefox Monitor, by teaming up with a database of breached sites called HaveIBeenPwned.com, or HIBP.
Already, the HIBP site allows users of any web browser to manually enter their email addresses to learn if they belong to hacked user accounts. (An intermediary service encrypts and obscures this information, so HIBP never sees full usernames and passwords.) At first, Firefox Monitor won’t look much different. Out of the claimed half-billion Firefox users, about 250,000 (mainly in the U.S.) will see a page in the desktop app, inviting them to type in their email addresses for an HIPB check.
The long-term plan, however, is to combine HIBP’s service with Mozilla’s in-development password manager, called Firefox Lockbox, which automatically stores and fills in usernames and passwords for websites you visit. If all goes well, a future version of Monitor (on desktop and mobile apps) will regularly check all these logins against the HIBP database to alert pwned users as soon as possible.